Getting started
Factory default protection profiles
FortiGate-100 Installation Guide
01-28004-0019-20040830
19
The FortiGate unit comes preconfigured with four protection profiles.
Figure 4: Web protection profile settings
Planning the FortiGate configuration
Before you configure the FortiGate unit, you need to plan how to integrate the unit into
the network. Among other things, you must decide whether you want the unit to be
visible to the network, which firewall functions you want it to provide, and how you
want it to control the traffic flowing between its interfaces.
Your configuration plan depends on the operating mode that you select. The FortiGate
unit can be configured in one of two modes: NAT/Route mode (the default) or
Transparent mode.
Strict
To apply maximum protection to HTTP, FTP, IMAP, POP3, and SMTP traffic.
You may not use the strict protection profile under normal circumstances but
it is available if you have problems with viruses and require maximum
screening.
Scan
To apply antivirus scanning and file quarantining to HTTP, FTP, IMAP,
POP3, and SMTP content traffic.
Web
To apply antivirus scanning and web content blocking to HTTP content
traffic. You can add this protection profile to firewall policies that control
HTTP traffic.
Unfiltered
To apply no scanning, blocking or IPS. Use if you do not want to apply
content protection to content traffic. You can add this protection profile to
firewall policies for connections between highly trusted or highly secure
networks where content does not need to be protected.